GC and security
Fredrik Lundh
fredrik at pythonware.com
Thu Aug 31 03:44:47 EDT 2006
Fredrik Lundh wrote:
> a time (if that's possible; if not, you may need to write a custom
> extension that builds a command string in a C-level buffer, runs the
> command, and then overwrites the buffer before returning).
on the other hand, subprocess seems to support the buffer interface, so
the following slightly convoluted approach could be used instead of such
an extension:
>>> import array, subprocess
>>> cmd = [101, 99, 104, 111, 32, 39, 104, 101, 108, 108, 111, 39]
>>> cmd = array.array("b", cmd)  # build mutable buffer
>>> subprocess.call([buffer(cmd)], shell=True)
'hello'
>>> for i in range(len(cmd)): cmd[i] = 0  # nuke it
the secret text will be visible in memory during the subprocess call,
but it won't linger around once the for-loop has finished.
(don't forget to put a try/finally clause around the critical part)
</F>
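
Added example, not part of the original post: a Python 3 take on the same idea with the try/finally the post asks for. Python 3 has no buffer(), so this sketch assumes the secret is fed to the child on stdin from a bytearray rather than placed in the command string; scrubbed, run_with_secret, CHILD and demo are hypothetical names, and only the caller's own buffer is overwritten.

```python
import subprocess
import sys
from contextlib import contextmanager


@contextmanager
def scrubbed(buf):
    """Yield a mutable buffer and zero it in place on exit, even on error."""
    try:
        yield buf
    finally:
        for i in range(len(buf)):
            buf[i] = 0  # same in-place overwrite as the for-loop in the post


def run_with_secret(argv, secret):
    """Feed `secret` (a bytearray) to the child's stdin, then overwrite it.

    Returns the child's stdout. The secret is never part of argv.
    """
    with scrubbed(secret) as buf:
        proc = subprocess.run(argv, input=buf, stdout=subprocess.PIPE, check=True)
    return proc.stdout


# Constructed child process: reads stdin and reports only how many bytes it got.
CHILD = [sys.executable, "-c",
         "import sys; print(len(sys.stdin.buffer.read()))"]


def demo():
    # Constructed sample secret, built from integers as in the post so this
    # code never creates an immutable str/bytes literal holding it.
    secret = bytearray([104, 117, 110, 116, 101, 114, 50])
    out = run_with_secret(CHILD, secret)
    return out.strip(), bytes(secret)


if __name__ == "__main__":
    print(demo())
```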